authorBimba Shrestha <bshrestha.msae@gmail.com>2019-09-14 01:08:58 (GMT)
committerBimba Shrestha <bshrestha.msae@gmail.com>2019-09-14 01:08:58 (GMT)
commit8edc5879d029459074a9c7bd9489dabf5b510bf6 (patch)
tree268103dc5f2eeda8e0ed6343d4e33b1249ca5613
parent9cb73d69c4d92e255826dfee47e46a6815955ee4 (diff)
Retrieving 32 bits from the end for fuzzer
-rw-r--r--ossfuzz/compress_frame_fuzzer.c8
-rw-r--r--ossfuzz/compress_fuzzer.c7
-rw-r--r--ossfuzz/compress_hc_fuzzer.c8
-rw-r--r--ossfuzz/decompress_frame_fuzzer.c10
-rw-r--r--ossfuzz/decompress_fuzzer.c5
-rw-r--r--ossfuzz/fuzz_data_producer.c30
-rw-r--r--ossfuzz/fuzz_data_producer.h5
-rw-r--r--ossfuzz/round_trip_frame_fuzzer.c3
-rw-r--r--ossfuzz/round_trip_fuzzer.c7
-rw-r--r--ossfuzz/round_trip_hc_fuzzer.c3
10 files changed, 36 insertions, 50 deletions
diff --git a/ossfuzz/compress_frame_fuzzer.c b/ossfuzz/compress_frame_fuzzer.c
index 30f0448..668d7c3 100644
--- a/ossfuzz/compress_frame_fuzzer.c
+++ b/ossfuzz/compress_frame_fuzzer.c
@@ -19,13 +19,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, LZ4_compressBound(size));
LZ4F_preferences_t const prefs = FUZZ_dataProducer_preferences(producer);
-
+ size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
size = FUZZ_dataProducer_remainingBytes(producer);
- size_t const compressBound = LZ4F_compressFrameBound(size, &prefs);
- size_t const dstCapacitySeed = FUZZ_dataProducer_uint32(producer, 0, compressBound);
- size = FUZZ_dataProducer_remainingBytes(producer);
- size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, size);
+ size_t const compressBound = LZ4F_compressFrameBound(size, &prefs);
+ size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, compressBound);
char* const dst = (char*)malloc(dstCapacity);
char* const rt = (char*)malloc(size);
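Review bot: The producer at the top of this hunk is created with `LZ4_compressBound(size)` as its length, which is larger than the `size` bytes libFuzzer actually handed in. The added `FUZZ_dataProducer_retrieve32(producer)` call reads from the end of that declared length, so if the producer stores the length as given, the seed is read past the end of `data`; this would surface as sanitizer reports against the harness rather than against the library. The other harnesses in this commit pass `size`, and `FUZZ_dataProducer_create(data, size)` here would keep the read inside the input. The function body continues outside the hunk.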
diff --git a/ossfuzz/compress_fuzzer.c b/ossfuzz/compress_fuzzer.c
index fac7dab..edc8aad 100644
--- a/ossfuzz/compress_fuzzer.c
+++ b/ossfuzz/compress_fuzzer.c
@@ -16,10 +16,11 @@
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
- size_t const dstCapacitySeed = FUZZ_dataProducer_uint32(producer, 0, LZ4_compressBound(size));
-
+ size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
size = FUZZ_dataProducer_remainingBytes(producer);
- size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, LZ4_compressBound(size));
+
+ size_t const compressBound = LZ4_compressBound(size);
+ size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, compressBound);
char* const dst = (char*)malloc(dstCapacity);
char* const rt = (char*)malloc(size);
diff --git a/ossfuzz/compress_hc_fuzzer.c b/ossfuzz/compress_hc_fuzzer.c
index fac5e6f..7d8e45a 100644
--- a/ossfuzz/compress_hc_fuzzer.c
+++ b/ossfuzz/compress_hc_fuzzer.c
@@ -17,12 +17,10 @@
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
- size_t const dstCapacitySeed = FUZZ_dataProducer_uint32(producer,
- 0, LZ4_compressBound(size));
- size_t const levelSeed = FUZZ_dataProducer_uint32(producer,
- LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);
-
+ size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
+ size_t const levelSeed = FUZZ_dataProducer_retrieve32(producer);
size = FUZZ_dataProducer_remainingBytes(producer);
+
size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, size);
int const level = FUZZ_getRange_from_uint32(levelSeed, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);
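Review bot: `levelSeed` is fetched as a raw seed and mapped to a level a few lines later, while round_trip_hc_fuzzer.c in this same commit gets the level in one step through `FUZZ_dataProducer_range32`. Using the helper here as well, `int const level = FUZZ_dataProducer_range32(producer, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);` placed after the `dstCapacitySeed` line, removes the intermediate local and keeps the two HC harnesses consistent. The seeds are also declared `size_t` although `FUZZ_dataProducer_retrieve32` returns `uint32_t`; `uint32_t const` would state the width that is actually carried. The function body continues outside the hunk.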
diff --git a/ossfuzz/decompress_frame_fuzzer.c b/ossfuzz/decompress_frame_fuzzer.c
index cf88579..0fcbb16 100644
--- a/ossfuzz/decompress_frame_fuzzer.c
+++ b/ossfuzz/decompress_frame_fuzzer.c
@@ -31,15 +31,13 @@ static void decompress(LZ4F_dctx* dctx, void* dst, size_t dstCapacity,
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
- size_t const dstCapacitySeed = FUZZ_dataProducer_uint32(producer,
- 0, 4 * size);
- size_t const largeDictSize = 64 * 1024;
- size_t const dictSizeSeed = FUZZ_dataProducer_uint32(producer,
- 0, largeDictSize);
-
+ size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
+ size_t const dictSizeSeed = FUZZ_dataProducer_retrieve32(producer);
size = FUZZ_dataProducer_remainingBytes(producer);
+
size_t const dstCapacity = FUZZ_getRange_from_uint32(
dstCapacitySeed, 0, 4 * size);
+ size_t const largeDictSize = 64 * 1024;
size_t const dictSize = FUZZ_getRange_from_uint32(
dictSizeSeed, 0, largeDictSize);
diff --git a/ossfuzz/decompress_fuzzer.c b/ossfuzz/decompress_fuzzer.c
index c2595b0..6f48e30 100644
--- a/ossfuzz/decompress_fuzzer.c
+++ b/ossfuzz/decompress_fuzzer.c
@@ -15,11 +15,10 @@
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
- size_t const dstCapacitySeed = FUZZ_dataProducer_uint32(producer, 0, 4 * size);
-
+ size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
size = FUZZ_dataProducer_remainingBytes(producer);
- size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, 4 * size);
+ size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, 4 * size);
size_t const smallDictSize = size + 1;
size_t const largeDictSize = 64 * 1024 - 1;
size_t const dictSize = MAX(smallDictSize, largeDictSize);
diff --git a/ossfuzz/fuzz_data_producer.c b/ossfuzz/fuzz_data_producer.c
index 9557f58..cc06958 100644
--- a/ossfuzz/fuzz_data_producer.c
+++ b/ossfuzz/fuzz_data_producer.c
@@ -17,22 +17,18 @@ FUZZ_dataProducer_t *FUZZ_dataProducer_create(const uint8_t *data, size_t size)
void FUZZ_dataProducer_free(FUZZ_dataProducer_t *producer) { free(producer); }
-uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min,
- uint32_t max) {
- FUZZ_ASSERT(min <= max);
-
- uint32_t range = max - min;
- uint32_t rolling = range;
- uint32_t result = 0;
-
- while (rolling > 0 && producer->size > 0) {
- uint8_t next = *(producer->data + producer->size - 1);
- producer->size -= 1;
- result = (result << 8) | next;
- rolling >>= 8;
- }
-
- return result;
+uint32_t FUZZ_dataProducer_retrieve32(FUZZ_dataProducer_t *producer) {
+ const uint8_t* data = producer->data;
+ const size_t size = producer->size;
+ if (size == 0) {
+ return 0;
+ } else if (size < 4) {
+ producer->size -= 1;
+ return (uint32_t)data[size - 1];
+ } else {
+ producer->size -= 4;
+ return *(data + size - 4);
+ }
}
uint32_t FUZZ_getRange_from_uint32(uint32_t seed, uint32_t min, uint32_t max)
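Review bot: In the `size >= 4` branch, `*(data + size - 4)` dereferences a `const uint8_t *`, so it yields a single byte even though four bytes are consumed, and the returned seed never exceeds 255. Every caller switched to `FUZZ_dataProducer_retrieve32` in this commit (the `dstCapacitySeed`, `dictSizeSeed`, `partialCapacitySeed` and `levelSeed` reads, and `FUZZ_dataProducer_range32`) inherits this. Depending on how `FUZZ_getRange_from_uint32` maps the seed, this probably limits the buffer capacities the harnesses ever exercise. Assemble the four bytes explicitly with `const uint8_t *p = data + size - 4;` followed by `return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);`.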
@@ -47,7 +43,7 @@ uint32_t FUZZ_getRange_from_uint32(uint32_t seed, uint32_t min, uint32_t max)
uint32_t FUZZ_dataProducer_range32(FUZZ_dataProducer_t* producer,
uint32_t min, uint32_t max)
{
- size_t const seed = FUZZ_dataProducer_uint32(producer, min, max);
+ size_t const seed = FUZZ_dataProducer_retrieve32(producer);
return FUZZ_getRange_from_uint32(seed, min, max);
}
diff --git a/ossfuzz/fuzz_data_producer.h b/ossfuzz/fuzz_data_producer.h
index db18fd2..b96dcba 100644
--- a/ossfuzz/fuzz_data_producer.h
+++ b/ossfuzz/fuzz_data_producer.h
@@ -16,9 +16,8 @@ FUZZ_dataProducer_t *FUZZ_dataProducer_create(const uint8_t *data, size_t size);
/* Frees the data producer */
void FUZZ_dataProducer_free(FUZZ_dataProducer_t *producer);
-/* Returns a seed value for the function after this one to consume */
-uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min,
- uint32_t max);
+/* Returns 32 bits from the end of data */
+uint32_t FUZZ_dataProducer_retrieve32(FUZZ_dataProducer_t *producer);
/* Returns value between [min, max] */
uint32_t FUZZ_getRange_from_uint32(uint32_t seed, uint32_t min, uint32_t max);
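Review bot: The new comment `/* Returns 32 bits from the end of data */` does not say that the call consumes what it reads, nor what happens on short input. Per the implementation added to fuzz_data_producer.c in this commit, it returns 0 when no bytes remain, returns a single byte when fewer than four remain, and shrinks the producer's remaining size in both non-empty cases. Suggested wording: `/* Consumes up to 4 bytes from the end of the remaining data and returns them as a seed; returns 0 if no data remains, one byte if fewer than 4 remain */`.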
diff --git a/ossfuzz/round_trip_frame_fuzzer.c b/ossfuzz/round_trip_frame_fuzzer.c
index aea13bb..149542d 100644
--- a/ossfuzz/round_trip_frame_fuzzer.c
+++ b/ossfuzz/round_trip_frame_fuzzer.c
@@ -18,10 +18,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t* producer = FUZZ_dataProducer_create(data, size);
LZ4F_preferences_t const prefs = FUZZ_dataProducer_preferences(producer);
-
size = FUZZ_dataProducer_remainingBytes(producer);
- size_t const dstCapacity = LZ4F_compressFrameBound(LZ4_compressBound(size), &prefs);
+ size_t const dstCapacity = LZ4F_compressFrameBound(LZ4_compressBound(size), &prefs);
char* const dst = (char*)malloc(dstCapacity);
char* const rt = (char*)malloc(FUZZ_dataProducer_remainingBytes(producer));
diff --git a/ossfuzz/round_trip_fuzzer.c b/ossfuzz/round_trip_fuzzer.c
index 80cd910..6307058 100644
--- a/ossfuzz/round_trip_fuzzer.c
+++ b/ossfuzz/round_trip_fuzzer.c
@@ -15,11 +15,10 @@
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
- size_t const partialCapacitySeed = FUZZ_dataProducer_uint32(producer, 0, size);
-
+ size_t const partialCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
size = FUZZ_dataProducer_remainingBytes(producer);
- size_t const partialCapacity = FUZZ_getRange_from_uint32(partialCapacitySeed,
- 0, size);
+
+ size_t const partialCapacity = FUZZ_getRange_from_uint32(partialCapacitySeed, 0, size);
size_t const dstCapacity = LZ4_compressBound(size);
char* const dst = (char*)malloc(dstCapacity);
diff --git a/ossfuzz/round_trip_hc_fuzzer.c b/ossfuzz/round_trip_hc_fuzzer.c
index 75ca8ec..7d03ee2 100644
--- a/ossfuzz/round_trip_hc_fuzzer.c
+++ b/ossfuzz/round_trip_hc_fuzzer.c
@@ -18,10 +18,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
int const level = FUZZ_dataProducer_range32(producer,
LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);
-
size = FUZZ_dataProducer_remainingBytes(producer);
- size_t const dstCapacity = LZ4_compressBound(size);
+ size_t const dstCapacity = LZ4_compressBound(size);
char* const dst = (char*)malloc(dstCapacity);
char* const rt = (char*)malloc(size);